Silk Road forums
Discussion => Security => Topic started by: lowberry on May 10, 2012, 05:46 am
-
like when ordering can I use a privnote link in the shipping info? will it be as safe as pgp?
-
like when ordering can I use a privnote link in the shipping info? will it be as safe as pgp?
I can't speak for every seller but I would have absolutely no problem with this -theoretically it's not as safe as encrypting with PGP but it has the advantage that it's guaranteed to be deleted after being viewed once. Maybe you could point this out to the seller and ask them only to view the link when they actually have the package ready to be addressed?
As an alternative why not encrypt your address with the seller's public key and then put that into a privnote?
V.
-
like when ordering can I use a privnote link in the shipping info? will it be as safe as pgp?
I can't speak for every seller but I would have absolutely no problem with this -theoretically it's not as safe as encrypting with PGP but it has the advantage that it's guaranteed to be deleted after being viewed once. Maybe you could point this out to the seller and ask them only to view the link when they actually have the package ready to be addressed?
As an alternative why not encrypt your address with the seller's public key and then put that into a privnote?
V.
thats not a bad idea, i still dont know how to use pgp though
-
^^^
I too had trouble with PGP but then I read this and it all became clear.
http://p3lr4cdm3pv4plyj.onion/guides/kleotxt.html
-
^^^
I too had trouble with PGP but then I read this and it all became clear.
http://p3lr4cdm3pv4plyj.onion/guides/kleotxt.html
+1 Karma to deadkndys420 for providing the link to an excellent guide for getting started with PGP.
V.
-
Awesome link deadkndys420, this whole pgp thing has been wrecking my not so smart brain for the last few weeks. Thanks to all the forum members who have been so helpful with all this as I'd still be struggling to make an order without your help. Peace & Love
-
You could trust your safety to privnote; I wouldn't but you could. It's more do you trust that they delete, and even if they do unless it's being over written many time the data is recoverable. Always handle your own encryption.
~Digi
-
@onemanarmy, when I started using PGP I was pretty confused, now its fairly easy, but a program that got me started was called cryptophane.. I recommend it for sure!
-
^^^
I too had trouble with PGP but then I read this and it all became clear.
http://p3lr4cdm3pv4plyj.onion/guides/kleotxt.html
thanks alot bro, that made it much easier, I think I almost got this down now, lol
-
@onemanarmy, when I started using PGP I was pretty confused, now its fairly easy, but a program that got me started was called cryptophane.. I recommend it for sure!
I'm not sure cryptophone is supported any longer. What you could try instead is: Windows Privacy Tray (WinPT). WinPT can be downloaded from:
Binary: http://wald.intevation.org/frs/download.php/734/winpt-1.4.3-exe.zip
Documentation: http://wald.intevation.org/frs/download.php/280/winpt-intro-1.1.1.pdf
Guru
Thx Guru for the tip :)
-
Great info lads, thanks once again for the info much appreciated.
-
I would personally use GPG for it as it's a little bit of a hassle but worth it for the peace of mind, nice site though, use it when I'm not doing real dodgy business (like sending my adress to buy drugs) :)
-
like when ordering can I use a privnote link in the shipping info? will it be as safe as pgp?
HELL to the FUCK to the NO.
I would not use that LE Honeypot, are you kidding me? You're just going to take the word of a completely unknown entity with private information. Again:
HELL to the FUCK to the NO.
It is no where near as safe PGP, not even in the same universe.
-
it can't compare to public key crypto
however, this is a method I developed recently when placing an order with a vendor that doesn't use crypto
this is all done using tor
1. get seller's email
2. get a mailinator account
3. get a tormail account
4. register for pastebin w/mailinator address
5. activate pastebin acct, delete pastebin email from mailinator
6. make an 'unlisted' paste containing your shipping info
7. create a privnote that contains the link to the paste
8. send the privenote link to seller
pastebin will show you how many views the paste has
either confirm with the seller they've got your email or just watch how many hits it gets
then delete the paste
it's not bulletproof, but it's far better than just sending out emails containing your info
-
Thanks aciddeath,
Are there really sellers who don't use PGP/GPG? I had no idea!
V.
it can't compare to public key crypto
however, this is a method I developed recently when placing an order with a vendor that doesn't use crypto
this is all done using tor
1. get seller's email
2. get a mailinator account
3. get a tormail account
4. register for pastebin w/mailinator address
5. activate pastebin acct, delete pastebin email from mailinator
6. make an 'unlisted' paste containing your shipping info
7. create a privnote that contains the link to the paste
8. send the privenote link to seller
pastebin will show you how many views the paste has
either confirm with the seller they've got your email or just watch how many hits it gets
then delete the paste
it's not bulletproof, but it's far better than just sending out emails containing your info
-
Thanks aciddeath,
Are there really sellers who don't use PGP/GPG? I had no idea!
V.
it can't compare to public key crypto
however, this is a method I developed recently when placing an order with a vendor that doesn't use crypto
this is all done using tor
1. get seller's email
2. get a mailinator account
3. get a tormail account
4. register for pastebin w/mailinator address
5. activate pastebin acct, delete pastebin email from mailinator
6. make an 'unlisted' paste containing your shipping info
7. create a privnote that contains the link to the paste
8. send the privenote link to seller
pastebin will show you how many views the paste has
either confirm with the seller they've got your email or just watch how many hits it gets
then delete the paste
it's not bulletproof, but it's far better than just sending out emails containing your info
Yeah, there are a few vendors that don't use pgp. You would be surprised.